The Downfall of a Cyber-Criminal: “W0zniak”

Executive Summary

Binary Defense regularly monitors Darknet sites, criminal forums and other sources to find threats that may affect our clients. When our analysts found someone offering to sell backdoor access to a Managed Services Provider (MSP), we coordinated with the FBI to discover the identity of the MSP and preserve evidence. We also found […]

Emotet Evolves With New Wi-Fi Spreader

Emotet is a highly sophisticated trojan that typically also serves as a loader for other malware. A key capability of Emotet is its ability to deliver custom modules or plugins suited to specific tasks, including stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense has identified a new loader type that […]

An Updated ServHelper Tunnel Variant

James Quinn, Threat Researcher for Binary Defense

Executive Summary

Binary Defense researchers discovered active Command and Control (C2) servers and a new version of ServHelper, a malicious Remote Desktop Protocol (RDP) backdoor program known to be used by the threat group TA505. TA505 is a financially motivated threat group that has been active since at […]